Mont Rothstein
2005-Nov-12 20:10 UTC
[Fedora-directory-users] Can't authenticate to directory server
I can't authenticate to my directory server from another machine.

My directory server is running on RedHat ES4. I am trying to use Secure authentication (NTLM?) from a Windows C# .NET application. I suspect my problem is one of incorrect configuration on the directory server side.

I can access the directory server from the Windows app using anonymous access.

I created a user in the directory server and added that user to the Directory Administrators Group's ACI. I also added the IP address of the machine I am trying to communicate from to the Hosts list in the Directory Administrators Group ACI.

I can login to the console using my user (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried logging in from the Windows app using both the full RDN and simply the user name "mont". Neither work.

Any ideas as to what needs to be done to enable authentication from a remote machine would be greatly appreciated.

Thanks,
-Mont
Mont Rothstein
2005-Nov-12 21:58 UTC
[Fedora-directory-users] Re: Can't authenticate to directory server
I solved my own problem, partially, but there is still something I don't understand.

My problem was in trying to use the Secure authentication type in my Windows app. When I changed the authentication type to None (which in Windows parlance means a simple bind) it worked. All of the entries I had made for allowing my specific host access, and permissions I had granted the account (adding the user to the Domain Admins) were unnecessary.

However, what I can't figure out is how to use any authentication that is stronger. I presume that the Windows None/simple bind equates to Plain. My supported sasl mechanisms are: external, plain, gssapi, digest-md5, cram-md5, and anonymous.

Do I need to add to this list to communicate via stronger authentication with my Windows app, and if so how do I add to this list?

Thanks,
-Mont

On 11/12/05, Mont Rothstein <mont.rothstein@gmail.com> wrote:
> I can't authenticate to my directory server from another machine.
>
> My directory server is running on RedHat ES4. I am trying to use Secure
> authentication (NTLM?) from a Windows C# .NET application. I suspect my
> problem is one of incorrect configuration on the directory server side.
>
> I can access the directory server from the Windows app using anonymous
> access.
>
> I created a user in the directory server and added that user to the
> Directory Administrators Group's ACI. I also added the IP address of the
> machine I am trying to communicate from to the Hosts list in the Directory
> Administrators Group ACI.
>
> I can login to the console using my user
> (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
> logging in from the Windows app using both the full RDN and simply the user
> name "mont". Neither work.
>
> Any ideas as to what needs to be done to enable authentication from a
> remote machine would be greatly appreciated.
>
> Thanks,
> -Mont
Noriko Hosoi
2005-Nov-13 03:25 UTC
Re: [Fedora-directory-users] Re: Can't authenticate to directory server
Mont Rothstein wrote:
> I solved my own problem, partially, but there is still something I don't
> understand.
>
> My problem was in trying to use the Secure authentication type in my
> Windows app. When I changed the authentication type to None (which in
> Windows parlance means a simple bind) it worked. All of the entries I had
> made for allowing my specific host access, and permissions I had granted the
> account (adding the user to the Domain Admins) were unnecessary.
>
> However, what I can't figure out is how to use any authentication that is
> stronger. I presume that the Windows None/simple bind equates to Plain. My
> supported sasl mechanisms are: external, plain, gssapi, digest-md5,
> cram-md5, and anonymous.

FDS supports digest-md5 and gssapi:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165

Thanks,
--noriko

> Do I need to add to this list to communicate via stronger authentication
> with my Windows app, and if so how do I add to this list?
>
> Thanks,
> -Mont
>
> On 11/12/05, Mont Rothstein <mont.rothstein@gmail.com> wrote:
> > I can't authenticate to my directory server from another machine.
> >
> > My directory server is running on RedHat ES4. I am trying to use Secure
> > authentication (NTLM?) from a Windows C# .NET application. I suspect my
> > problem is one of incorrect configuration on the directory server side.
> >
> > I can access the directory server from the Windows app using anonymous
> > access.
> >
> > I created a user in the directory server and added that user to the
> > Directory Administrators Group's ACI. I also added the IP address of the
> > machine I am trying to communicate from to the Hosts list in the Directory
> > Administrators Group ACI.
> >
> > I can login to the console using my user
> > (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
> > logging in from the Windows app using both the full RDN and simply the user
> > name "mont". Neither work.
> >
> > Any ideas as to what needs to be done to enable authentication from a
> > remote machine would be greatly appreciated.
> >
> > Thanks,
> > -Mont
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
Mont Rothstein
2005-Nov-13 17:42 UTC
Re: [Fedora-directory-users] Re: Can't authenticate to directory server
Thanks for the reference, I hadn't found that yet.

-Mont

On 11/12/05, Noriko Hosoi <nhosoi@redhat.com> wrote:
> Mont Rothstein wrote:
>
> I solved my own problem, partially, but there is still something I don't
> understand.
>
> My problem was in trying to use the Secure authentication type in my
> Windows app. When I changed the authentication type to None (which in
> Windows parlance means a simple bind) it worked. All of the entries I had
> made for allowing my specific host access, and permissions I had granted the
> account (adding the user to the Domain Admins) were unnecessary.
>
> However, what I can't figure out is how to use any authentication that is
> stronger. I presume that the Windows None/simple bind equates to Plain. My
> supported sasl mechanisms are: external, plain, gssapi, digest-md5,
> cram-md5, and anonymous.
>
> FDS supports digest-md5 and gssapi:
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165
>
> Thanks,
> --noriko
>
> Do I need to add to this list to communicate via stronger authentication
> with my Windows app, and if so how do I add to this list?
>
> Thanks,
> -Mont
>
> On 11/12/05, Mont Rothstein <mont.rothstein@gmail.com> wrote:
> > I can't authenticate to my directory server from another machine.
> >
> > My directory server is running on RedHat ES4. I am trying to use Secure
> > authentication (NTLM?) from a Windows C# .NET application. I suspect my
> > problem is one of incorrect configuration on the directory server side.
> >
> > I can access the directory server from the Windows app using anonymous
> > access.
> >
> > I created a user in the directory server and added that user to the
> > Directory Administrators Group's ACI. I also added the IP address of the
> > machine I am trying to communicate from to the Hosts list in the Directory
> > Administrators Group ACI.
> >
> > I can login to the console using my user
> > (uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
> > logging in from the Windows app using both the full RDN and simply the user
> > name "mont". Neither work.
> >
> > Any ideas as to what needs to be done to enable authentication from a
> > remote machine would be greatly appreciated.
> >
> > Thanks,
> > -Mont
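An added example, not code from any poster in this thread: a C# client that reads the server's advertised SASL mechanisms from the root DSE, binds with DIGEST-MD5 when it is offered, and otherwise falls back to a simple bind only inside TLS. It assumes the System.DirectoryServices.Protocols API (the thread does not say which .NET LDAP API the original app used), a placeholder host name, LDAPS configured on port 636, and that the server maps the SASL user name "mont" to the entry quoted in the thread; whether the Windows digest client interoperates with a given FDS build is not confirmed by the thread.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;

static class FdsBindExample
{
    // Assumptions: Host is a placeholder; the DN and uid are the ones quoted in the thread.
    const string Host = "ldap.example.com";
    const string UserDn = "uid=mont,ou=people,dc=foray,dc=com";

    static LdapConnection Connect(int port, bool tls, AuthType authType)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, port));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = tls;   // LDAPS when true
        conn.AuthType = authType;
        return conn;
    }

    // Ask the root DSE which SASL mechanisms the server advertises.
    static string[] ReadSaslMechanisms()
    {
        using (var conn = Connect(389, false, AuthType.Anonymous))
        {
            conn.Bind();
            var req = new SearchRequest("", "(objectClass=*)", SearchScope.Base,
                                        "supportedSASLMechanisms");
            var resp = (SearchResponse)conn.SendRequest(req);
            var attr = resp.Entries[0].Attributes["supportedSASLMechanisms"];
            return attr == null ? new string[0] : (string[])attr.GetValues(typeof(string));
        }
    }

    static void Main(string[] args)
    {
        string password = args[0];   // taken from the command line for brevity only
        string[] mechs = ReadSaslMechanisms();
        Console.WriteLine("Server offers: " + string.Join(", ", mechs));

        bool digest = mechs.Contains("DIGEST-MD5", StringComparer.OrdinalIgnoreCase);
        // DIGEST-MD5 is challenge-response, so the password itself is not sent.
        // Without it, use a simple bind (AuthType.Basic) only inside TLS on 636.
        using (var conn = digest ? Connect(389, false, AuthType.Digest)
                                 : Connect(636, true, AuthType.Basic))
        {
            conn.Bind(new NetworkCredential(digest ? "mont" : UserDn, password));
            Console.WriteLine("Bound using " + (digest ? "DIGEST-MD5" : "simple bind over TLS"));
        }
    }
}
```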